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REMARKS 

In response to the rejection of claims 2, 14, and 16 imder 35 U.S.C. §1 12, &5t paragraph, 
at page 2, paragraph 1 of the QfSce Action, Applicants have canceled claims 2 and 16 without 
prejudice or disclaimer. Additionally, with this response, claim 14 is amended to remove the 
teom **JTRIP." Accordingly, Applicants reqxiest that the rejection of claims 2, 14, and 1 6 be 
withdrawn. 

Applicants traverse the rejection of claims 1-27 under 35 U.S.C. §103(a) over U.S. Patent 
Publication No. 2004/0049693 ("Douglas") in viewof U.S'. Patent No. 6,081,894 C^ann") at 
pages 2-5, paragraph 2 of the Non-Final Office Action. Doxsiglas discloses a host-based intrusion 
detection sensor tb^l monitors system logs, applications running on the host and files for 
evidence of suspicious activity. See Douglas^ Abstract Douglas further discloses that, when 
suspicious activity is detected, the syst^ notifies a system administrator. See Douglas^ 
Abstract Douglas fiirther discloses that the device can take action to stop the suspicious ev^t 
and recotd it for fiiture forensic analysis. See Douglas, p. 1, paragraph 0020. The Of&ce Action 
acknowledges that Douglas &ils to disclose or suggest response to detection of the icctrusion 
event, isolating the at least one network inter&ce from the computer network and taking the host 
computer down to a single user state so that access to the host computer system is limited to 
physical access at the host computer system," as recited by independent claims 1 and 1 5. 

The Office Action asserts that Mann discloses this feature, citing Mann at col. 3, lines 2- 
5. However, at the referenced section, Mann states; 

When a virus is detected, a data isolator 60, that is responsive to a control signal 42 from 
the data con:^)arator 40, isolates the first data channel 22 from the second data channel 
32. Thus, viruses are detected and prevented from being received by the data receiving 
entity 30. 

See Mam, coL 3, lines 2-5, 

Thus, Mann &ils to disclose isolating the at least one network interface from the 
computer network and taking the host computer system down to a single user state, as recited by 
independent claims 1 and 15. Mann discloses in Figure 1 that a data comparator 40 and a data 
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isolator 60 are between a data sending end^ 20 and a data receiving entity 30» and that the data 
contparator 40 is to monitor traffic and to intercept znalicions transmissions. See Mann^ Figure 1 
and col. 2 line 60 ttiroxigh col. 3, line 5. Mamx further discloses that the isolating apparatus is a 
peripheral device that interfeces with a Peripheral Control Inter&ce (PCI) bus of the receiving 
device to provide isolation from a data sending entity, such as the Internet See Mann, col. 2, 
lines 8-12. The system of Mann detects a virus before it is received by the receiving entity and 
operates as an intrusion prevention system that isolates the receiving entity from the network to 
prevent the virus from being received at alL See M<mn^ col. 1, lines 38-41, lines 26-28 and coL 
3, lines 2-5. Mann provides no indication that the peripheral device is adapted to take the 
receiving device down to a single user state, and, moreover, teaches away from a single user 
state, by stating: 

A further advantage of the invention is that it isolates &e data sending entity from the 
dala receiving entity without disrupting normal operation of either entity. 

M27zn, col. 2, lines 30-32. 

By contrast, independent claims 1 and IS recite ^in response to detecting tbie intrusion 
event, isolating the at least one network interface from the computernetwork and^^Q£.^e^ost 
computer system down to a single user state so that access to the host computer system is limited 
to physical access at the host computer system." The ''single user state^ is different from normal 
operation in that ""access to the host computer system is limited to physical access at the host 
computer system,'^ as recited by claims 1 and 15. 

Accordingly, not only does Mamx fail to disclose or suggest at least one claimed feature 
of claims 1 and 15, but Mann teaches away from the single user state, as recited by claims 1 and 
15, by stating that the isolation is provided without disnipting normal operation. Maun therefore 
teaches away from the claimed invention of claims 1 and 15. Thus, even if the system of 
Douglas were combined with the isolation components of Mann, the resulting combination &ils 
to disclose or suggest at least one el^ent of independent claims 1 and 15, and of claims 3-13 
and 17-27 at least by virtue of their dependency from one of claims 1 and 15. 

Applicants traverse the rejection of claim 14 under 35 US.C §l03(a) over Douglas in 
view of Mann at page S, paragraph 2 of the Office Action- Claim 14 recites in response to 
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detecting the.intrusion event, the method includes issuing an DFCONFTG down command to the 
at least one network inter&ce to isolate the at least one network interface from the computer 
network, issuing an ENTTl command to an operating system of the host computer system to take 
the host computer system down to a single user state, and writing a log of the intrusion event to a 
log database that is not located on the second computer system. 

The OfEice ActioD. rejects claim 14 over Douglas and Mann as applied to claims 1-8 and 
10. As previously discussed, fte asserted combination of Douglas and Mann &ils to disclose or 
suggest at least one element of claims l-IO. Further, the asserted combination of Douglas and 
Mann fails to disclose or suggest in response to detecting the intrusion event, the method 
includes issuing an IFCONFIG down command to the at least one network interface to isolate 
the at least one network interface from the computer network, as recited by claim 14. 
Additionally, the asserted combination of Douglas and Mann &ils to disclose or suggest issuing 
an INITI command to an operating system of the host computer system to take the host 
computer system down to a single user state, as recited by claim 14. Instead, Mann isolates a 
receiving entity from a sending entity, without disrupting normal operation of either entity. See 
Mann, col. 2, lines 29-3 L As previously discussed and as acknowledged by the Office Action at 
page 3, par^raph 2, Douglas fails to disclose or suggest isolating the receiving device. 
Accordingly, the asserted combination of Douglas and Mann ^Is to disclose or suggest at least 
two elements of independent claim 14« 

CONCLUSION 

Applicants have pointed out specific features of the claims not disclosed, suggested, or 
rendered obvious by the references ^plied in the Office Action. Accordingly, Applicants 
respectfully request reconsideration and withdrawal of each of the rejections, as well as an 
indication of the allowability of each of the pending claims 1,3-15, and 1 7-27. 

Any changes to the claims in this amendment, which have not been specifically noted to 
overcome a rejection based upon tiie prior art, should be considered to have been made for a 
purpose unrelated to patentability, and no estoppel should be deemed to attach thereto. 
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The Exaxniner is invited to contact the nndeisigoed attorney at the telephone number 
listed below if $uch a call would in any way facilitate allowance of this application. 

The Coimnissioner is hereby aulhorized to cha:^e any fees, which may be required, or 
credit any overpayment, to Deposit Account Number 50-2469- 



Respectfolly submitted. 



Date Jeffrey G. Tola:, Reg. No. 38,342 

Attorney for Applica3it(s) 
TOLER SCHAFFER, LX JP- 
5000 Plaza On The Lake, Suite 265 
Austin, Texas 78746 
(512) 327-5515 (phone) 
(512) 327-5575 (fex) 
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